on 07-06-2015 5:38 PM
Dear experts,
I am currently trying to integrate a Webchannel application into a third-party website.
The authentication scenario I am trying to implement is the following one:
- The user logs in the third-party website
- The user clicks on a link pointing toward the WCEM application
- Using the header variables, the user is logged in the WCEM application (SSO for web based access)
I am trying to understand if the WCEM authentication uses the UME authentication or if there is a WCEM login module which must be configured with SSO to point toward the UME stack?
If so, should this module be configured in the nwa or in NWDS?
The following test brought me to this question:
- Log in the WCEM nwa
- Open the webchannel application in a new tab
- The nwa user is not recognized and must type in his credentials
Thanks in advance for your help,
Flavien HERETE
Were you able to figure this out? I am in the same situation as you are.
Best regards,
Rozal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Rozal,
With Steffen's help, we managed to have this scenario working.
The assimilation of the third party header has been possible through the "HeaderVariableLoginModule" of the Java NW authentication stack module.
The tough part was the configuration of the Webchannel application, you have to be very careful when initially configuring your WCEM application.
If your configuration is not working yet, be sure to check the following points:
- RFC called by your application, having a _SSO RFC is mandatory
- Certificates exchanged between your Backend and your front-end
- WCEM user module configuration
- Trusted systems
- Logon policies of the NWA
- WCEM NW authentication stack configuration
If you don't see the authentication stack called in your NW authentication traces, it means your WCEM app isn't correctly configured.
Best Regards,
Flavien
Hi Flavien,
please ensure that the authorities are correctly maintained. I recommend that you login in WCEM application/ shop. And ensure that the same user can access the NWA in an other browser window.
If this is fine, you should be able login in NWA and in a second tab launch your WCEM application wo login: the ticket should be taken into account and the switch to the SSO rfc destination should happen. Is the SSO destination correctly configured at all?
Best regards,
Steffen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Flavien,
Please have a look of the below help.
Authorization Concept of the AS Java - Identity Management - SAP Library
Thanks,
Hamendra
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Have you reviewed the WCEM Security Guide?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you for your reply.
I am indeed following the WCEM security guide: the chapter 5.2.3.1 mentions the following point about the kind of authentication I described :
"The policy configuration can be specified for the application configuration in the User module of Web Channel Builder. The default value is Form, which defines a UME logon with a username and password but without SSO support"
Which isn't totally clear for me: I understand the policy configuration should be define in the "User" module of wcb but no customizing field seems relevant here:
Maybe I got it wrong, and 100% of the customizing is done in the NWA authentication stack?
Thanks in advance for your help.
User | Count |
---|---|
5 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.